package com.hsd.znsh.security.app;

import com.hsd.znsh.repository.UserRepository;
import com.hsd.znsh.security.pc.PCAuthenticationFilter;
import com.hsd.znsh.security.pc.PCAuthenticationProvider;
import com.hsd.znsh.security.pc.PCUserDetailsService;
import com.hsd.znsh.service.RedisService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.SecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.core.session.SessionRegistry;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.DefaultSecurityFilterChain;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.authentication.session.*;
import org.springframework.stereotype.Component;

import java.util.ArrayList;
import java.util.List;


@Component
public class APPSecurityConfig extends SecurityConfigurerAdapter<DefaultSecurityFilterChain, HttpSecurity> {

	@Autowired
	private UserRepository userRepository;

	@Autowired
	private PasswordEncoder passwordEncoder;

	@Autowired
	private AuthenticationSuccessHandler myAuthenticationSuccessHandler;

	@Autowired
	private AuthenticationFailureHandler myAuthenticationFailureHandler;

	@Autowired
	private SessionRegistry sessionRegistry;
	
	@Override
	public void configure(HttpSecurity http) throws Exception {
		List<SessionAuthenticationStrategy> list=new ArrayList<>();
		list.add(new ConcurrentSessionControlAuthenticationStrategy(sessionRegistry));
		list.add(new ChangeSessionIdAuthenticationStrategy());
		list.add(new RegisterSessionAuthenticationStrategy(sessionRegistry));
		CompositeSessionAuthenticationStrategy compositeSessionAuthenticationStrategy=new CompositeSessionAuthenticationStrategy(list);
		APPAuthenticationFilter appAuthenticationFilter=new APPAuthenticationFilter();
		appAuthenticationFilter.setAuthenticationManager(http.getSharedObject(AuthenticationManager.class));
		appAuthenticationFilter.setAuthenticationSuccessHandler(myAuthenticationSuccessHandler);
		appAuthenticationFilter.setAuthenticationFailureHandler(myAuthenticationFailureHandler);
		appAuthenticationFilter.setSessionAuthenticationStrategy(compositeSessionAuthenticationStrategy);


		APPAuthenticationProvider appAuthenticationProvider = new APPAuthenticationProvider();
		appAuthenticationProvider.setUserDetailsService(new APPUserDetailsService(userRepository));
		appAuthenticationProvider.setPasswordEncoder(passwordEncoder);

		http.authenticationProvider(appAuthenticationProvider)
				.addFilterBefore(appAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
	}
	
}
